First published: Mon Jul 23 2018(Updated: )
October CMS version prior to build 437 contains a Cross Site Scripting (XSS) vulnerability in the Media module and create folder functionality that can result in an Authenticated user with media module permission creating arbitrary folder name with XSS content. This attack appear to be exploitable via an Authenticated user with media module permission who can create arbitrary folder name (XSS). This vulnerability appears to have been fixed in build 437.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Octobercms October | <1.0.437 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2018-1999008 is a Cross Site Scripting (XSS) vulnerability in October CMS version prior to build 437.
CVE-2018-1999008 affects October CMS by allowing an authenticated user with media module permission to create arbitrary folder name with XSS content.
The severity of CVE-2018-1999008 is medium with a CVSS score of 5.4.
To fix CVE-2018-1999008 in October CMS, update to build 437 or a later version.
You can find more information about CVE-2018-1999008 at the following link: [https://octobercms.com/support/article/rn-10](https://octobercms.com/support/article/rn-10).